ALEXIA: A processor with lightweight extensions for memory safety
Published in Association for Computing Machinery
2019
Volume: 18
Issue: 6
Abstract
Illegal use of memory pointers is a serious security vulnerability. A large number of malwares exploit the spatial and temporal nature of these vulnerabilities to subvert execution or glean sensitive data from an application. Recent countermeasures attach metadata to memory pointers, which define the pointer's capabilities. The metadata is used by the hardware to validate pointer-based memory accesses. However, recent works have considerable overheads. Further, the pointer validation is decoupled from the actual memory access. We show that this could open up vulnerabilities in multithreaded applications and introduce new vulnerabilities due to speculation in out-of-order processors. In this article, we demonstrate that the overheads can be reduced considerably by efficient metadata management. We show that the hardware can be designed in a manner that would remain safe in multithreaded applications and immune to speculative vulnerabilities. We achieve these by ensuring that the pointer validations and the corresponding memory access are always done atomically and in order. To evaluate our scheme, which we call ALEXIA, we enhance an OpenRISC processor to perform the memory validation at runtime and also add compiler support. ALEXIA is the first hardware countermeasure scheme for memory protection that provides such an end-to-end solution. We evaluate the processor on an Altera FPGA and show that the runtime overhead, on average, is 14%, with negligible impact on the processor's size and clock frequency. There is also a negligible impact on the program's code and data sizes. © 2019 Association for Computing Machinery. All rights reserved.
About the journal
Journal: ACM Transactions on Embedded Computing Systems
Publisher: Association for Computing Machinery
ISSN: 15399087
Open Access: Yes
Concepts (12)
  •  CRIME
  •  MALWARE
  •  Metadata
  •  BUFFER OVERFLOW ATTACKS
  •  HARDWARE COUNTERMEASURES
  •  HEAP EXPLOITS
  •  MEMORY CORRUPTION
  •  Multi-threaded application
  •  OUT-OF-ORDER PROCESSORS
  •  Security
  •  Security vulnerabilities
  •  Program compilers